Thycotic’s Cyber Security Publication

December 2nd, 2016

According to reports, the Shamoon malware contained embedded credentials that allowed the malware to move throughout the network and cause harm. The attack was likely initiated using a worm, which is how Shamoon operated historically. Propagation occurs by accessing shares in the network or through other remote access, using stolen credentials.

The pattern of privileged credential compromise continues to be a big problem. Our Privileged Password Vulnerability Benchmark research shows that many organizations still store privileged and admin passwords in risky Word documents or Excel spreadsheets (see why that’s a bad idea). Failing to secure these accounts leaves an open door for attackers to unleash their malware across a network. We need to assume cyber attackers are already on the network and planning attacks with increasingly malicious intent. By shutting down the privileged pathway of malware like Shamoon, organizations can dramatically improve their IT security.